Security Firm Dangles $500,000 for iOS 0-Days

Researchers looking to cash in on working exploits for 0-day and N-day vulnerabilities can now turn to a new bounty program from Exodus Intelligence, which is offering up to $500,000 for certain exploits.


Exodus Intelligence’s Research Sponsorship Program (RSP), which is focused on acquiring vulnerability research and exploits, is now looking for exploits for both zero-day and N-day vulnerabilities, the company announced.

The bounties promised by the company are substantial: working Apple iOS exploits can earn researchers up to $500,000, while working Microsoft Edge exploits could go for as much as $125,000. 

Exodus also reveals that a new bonus structure is rolling out for the acquisition of research and exploits for 0-day vulnerabilities. The company will offer the researcher an initial payment for each new 0-day acquired, but only after the request has been reviewed and accepted, and might also send the researcher additional payments for every quarter the 0-day exploit is still alive.

News of the program comes less than a week after Apple announced that it would offer up to $200,000 for finding vulnerabilities in its products.

“The specific values of the initial payment and quarterly bonus will be included in an offer presented to the researcher, following the review of their work. Additionally, Exodus also offers payment in the form of Bitcoin for Zero-Day research,” the company says.

The RSP website is where the 0-day hitlist can be found, and developers interested in entering the program should register there. Even researchers focused on different areas are encouraged to contact Exodus for consideration.

Interested developers should submit their research through the RSP website and the company promises a response within 10 business days. Depending on the completeness of the research, larger payments could be offered, and researchers might also receive public acknowledgement, if desired, Exodus says.


The $500,000 payout for iOS exploits matches that offered by exploit acquisition firm Zerodium in a program announced late last year. For a short period, Zerodium even offered up to $1 million for an iOS 9 exploit, which was awarded to Pangu Team, a Chinese group specializing in iOS jailbreaks.

When it comes to N-day exploits, Exodus says it would consider and purchase only fully functional exploits.

“Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry. This additional source of research, supplemented by the investigation and validation of our world-class team, will continue to ensure that our clients receive early notification of the most critical vulnerabilities so that they can offer the best defense possible,” Logan Brown, President, Exodus Intelligence, says.

Related: Zerodium Publishes Prices for Zero-Day Exploits

Related: iOS 9.1 Jailbreak Earns Hackers $1 Million Bounty
